Attorney Docket No. 030457 



IN THE CLAIMS 

Please amend the claims as follows: 

1.-23 (Canceled) 

24. (Currently Amended) A method for operating a credential server to authenticate 
an application running on a device, wherein the application transmits a request for data to a data 
server and the request comprises an application credential, the method comprising: 

receiving [a]an application identifier in a request for a server credential; 

generating the server credential using the application identifier and a master credential, 
wherein the master credential allows the device to be authenticated to other entities; and 

transmitting the server credential to the data server, wherein if the server credential and 
the application credential match, the application is authenticated. 

25. (Original) The method of claim 24, further comprising receiving an 
authentication token that proves the request is associated with the application identifier. 

26. (Original) The method of claim 24, further comprising: 
receiving the application credential; 

matching the application credential and the server credential; and 

transmitting an authorization to the data server to fulfill the data request if the application 
credential matches the server credential. 

27. (Original) The method of claim 24, wherein the step of generating comprises 
generating the server credential using a one-way generation technique, so that the application 
identifier and the master credential cannot be discovered from the server credential. 

28. (Currently Amended) Apparatus for use with a credential server to authenticate 
an application running on a device, wherein the application transmits a request for data to a data 
server and the request comprises an application credential, the apparatus comprising: 

first receiving logic that operates to receive [a]an application identifier in a request for a 
server credential; 
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generating logic that operates to generate the server credential based on the application 
identifier and a master credential, wherein the master credential allows the device to be 
authenticated to other entities; and 

transmitting logic that operates to transmit the server credential to the data server, 
wherein the data server matches the server credential to the application credential to authenticate 
the application. 

29. (Original) The apparatus of claim 28, further comprising receiving an 
authentication token that proves the request is associated with the application identifier. 

30. (Original) The apparatus of claim 28, wherein the generating logic comprises 
logic to generate the server credential using a one-way generation technique, so that the 
application identifier and the master credential cannot be discovered from the server credential. 

31. (Original) The apparatus of claim 28, further comprising: 

second receiving logic that operates to receive the application credential; and 
matching logic that operates to match the application credential with the server 

credential, and transmit an authorization to fulfill the data request to the data server if the 

application credential matches the server credential. 

32. (Currently Amended) Apparatus for use with a credential server to authenticate 
an application running on a device, wherein the application transmits a request for data to a data 
server and the request comprises an application credential, the apparatus comprising: 

means for receiving [a]an application identifier in a request for a server credential; 

means for generating the server credential based on the application identifier and a 
master credential, wherein the master credential allows the device to be authenticated to other 
entities; and 

means for transmitting the server credential to the data server, wherein the data server 
matches the server credential to the application credential to authenticate the application. 

33. (Original) The apparatus of claim 32, further comprising receiving an 
authentication token that proves the request is associated with the application identifier. 
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34. (Original) The apparatus of claim 32, wherein the means for generating 
comprises means for generating the server credential using a one-way generation technique, so 
that the application identifier and the master credential cannot be discovered from the server 
credential. 

35. (Original) The apparatus of claim 32, further comprising: 
means for receiving the application credential; and 

means for matching the application credential with the server credential; and 
means for transmitting an authorization to fulfill the data request to the data server if the 
application credential matches the server credential. 

36. (Currently Amended) A computer-readable media comprising instructions, which 
when executed by a processor in a credential server, operate to authenticate an application 
running on a device, wherein the application transmits a request for data to a data server and the 
request comprises an application credential, the computer-readable media comprising: 

instructions for receiving [a]an application identifier in a request for a server credential; 

instructions for generating the server credential based on the application identifier and a 
master credential, wherein the master credential allows the device to be authenticated to other 
entities; and 

instructions for transmitting the server credential to the data server, wherein the data 
server matches the server credential to the application credential to authenticate the application. 

37. (Original) The computer-readable media of claim 36, further comprising 
receiving an authentication token that proves the request is associated with the application 
identifier. 

38. (Original) The computer-readable media of claim 36, wherein the instructions for 
generating comprises instructions for generating the server credential using a one-way 
generation technique, so that the application identifier and the master credential cannot be 
discovered from the server credential. 

39. (Original) The computer-readable media of claim 36, further comprising: 
instructions for receiving the application credential; and 

instructions for matching the application credential with the server credential; and 
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instructions for transmitting an authorization to fulfill the data request to the data server 
if the application credential matches the server credential. 

40. (Currently Amended) A method for processing an application credential 
associated with an application running on a device, wherein the application credential is used by 
the application to authenticate to a data server, the method comprising: 

receiving a request to generate the application credential, wherein the request includes 
[a]an application identifier; 

generating the application credential using the application identifier and a master 
credential, wherein the master credential allows the device to be authenticated to other entities; 

transmitting a request for data to a data server, wherein the request comprises the 
application credential; 

requesting a server credential from a credential server, wherein the request for the server 
credential comprises the application identifier and a token by which the data server authenticates 
itself; 

generating the server credential using the application identifier and the master credential; 
transmitting the server credential to the data server; 

matching the server credential with the application credential, wherein the application is 
authenticated if the two credentials match; and 
transmitting the data to the application. 

41 . (Original) The method of claim 40, wherein the application credential and the 
server credential are generated using a one-way generation technique, so that the application 
identifier and the master credential cannot be discovered. 

42. (Previously presented) The method of claim 40, further comprising using a 
modification detection and authentication technique to determine if the application identifier has 
been modified and prove the application is associated with the application identifier. 

43 . (Previously presented) The method of claim 42, wherein the modification 
detection and authentication technique is a digital signature. 
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44. (Original) The method of claim 40, further comprising receiving an 
authentication token at the credential server that proves the request is associated with the 
application identifier. 

45. (Original) The method of claim 40, wherein the device is a wireless device. 

46. (New) The method of claim 1, wherein the application requesting the server 
credential is one of a plurality of applications running at the device, and the application identifier 
identifies only the application requesting the server credential. 
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